All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
- Upgrade cross-spawn to mitigate CVE-2024-21538
- RDS instances will now be automatically started 10 minutes prior to their preferred maintenance windows
- Clamped role session name to 64 characters to fix scenario where longer namespaces could cause runtime errors during sts assume
- Fixed long-term retry logic for EC2/RDS scheduling. EC2 and RDS will now retry start actions on instances that failed during the previous scheduling cycle
- Fixed AccessDenied error when spoke account self-registration process attempted to create a log group
- Upgrade Werkzeug to mitigate CVE-2024-49766 and CVE-2024-49767
- Fixed bug in Nth weekday logic that would sometimes cause Nth weekday to be interpreted as 1 week too early
- Added rds:CreateDBSnapshot and rds:AddTagsToResource snapshot permissions to scheduling roles to support recent changes to RDS IAM requirements.
- Upgrade pyca/cryptography to mitigate GHSA-h4gh-qq45-vh27
- Fixed China region compatibility issues by adding new -cn variants of solution stack templates
- Fixed bug in RDS Scheduling Logic that would cause the scheduler to crash when more than 100 tagged RDS instances were present in a single scheduling target
- Added SECURITY.md file with instructions on how security issues can be reported to AWS
- Upgrade fast-xml-parser to mitigate CVE-2024-41818
- Fixed an error that caused CloudFormation-managed schedules using the (now deprecated) UseMaintenanceWindow flag to be un-updatable
- Upgrade Certifi to mitigate CVE-2024-39689
- Scheduler CLI installation process now uses a version-agnostic installation process
- Lambda memory size for orchestration and asg scheduling lambdas is now configurable
- Fixed an error that would cause maintenance window scheduling to fail when the SSM API returned expired maintenance windows without a NextExecutionTime property
- Fixed KMS encryption key being deleted when DynamoDB tables were configured to be retained on stack delete
- Fixed an error that caused ASG schedule updates to fail when more than 5 schedules were updated at once
- Fixed a possible name conflict with Operational Insights Dashboard when deploying multiple copies of Instance Scheduler to the same account
- Upgrade braces to mitigate CVE-2024-4068
- Upgrade urllib3 to mitigate CVE-2024-37891
- Removed e2e testing pipeline from public assets
- Added support for scheduling of Neptune and DocumentDB clusters
- Added support for scheduling of ASG through the automatic creation of Scheduled Scaling Rules from configured schedules
- Added optional Operational Insights Dashboard to CloudWatch for monitoring and insights into solution performance
- Added support for using multiple EC2 maintenance windows with a single schedule
- Added ability to specify KMS keys that Instance Scheduler should be granted permissions to use when starting EC2 instances with encrypted EBS volumes
- Separated "Scheduled Services" parameter into individual enabled/disabled parameters for each supported service
- Upgrade Python runtime to 3.11
- Extensive refactoring to internal code to improve code quality and testability
- CloudWatch metrics feature renamed to "Per Schedule Metrics" and integrated with new Operational Insights Dashboard
- DynamoDB Deletion Protection now enabled by default on solution DynamoDB tables.
- Refactored maintenance window dynamodb table to be more cost-efficient at scale
- Updated schedule logs to include SchedulingDecision entries for all decisions made by the EC2/RDS schedulers.
- Scheduler CLI will now error when attempting to overwrite schedules managed by CloudFormation
- Configuration settings from CloudFormation parameters no longer duplicated in DynamoDB
- Remove deprecated "overwrite" Schedule flag (distinct from still-supported "override" flag)
- CloudWatch Metrics feature replaced with Operational Monitoring
- Fixed deployment error in China partition, introduced in v1.5.0
- Fixed bug where CloudFormation Schedules used UTC timezone if not specified in template (instead of stack default)
- Fixed bug that would cause the scheduling request handler lambda to hang when trying to schedule more than 50 RDS instances in the same region
- Fixed bug that would sometimes cause the CFN schedule custom resource to error when many schedules were deployed in parallel
- Fixed bug that would cause spoke stacks to not be correctly deregistered from the hub stack when undeployed
- Fixed bug in cli describe_schedule_usage command that would incorrectly estimate the behavior of schedules using nth weekday expressions
- Fixed bug that would cause schedules using monthday ranges of the format "n-31" to fail to load in months with fewer days than the end of the range (such as February)
- Fixed configured_in_stack property not being correctly applied to periods deployed by CloudFormation custom resource.
- Break monolith Lambda Function and permissions apart based on principle of least privilege
- Spoke stack trust permissions restricted to only specific lambda roles in the Hub account
- Allow KMS keys for scheduling encrypted EBS volumes to be specified directly on hub/spoke stacks in CloudFormation rather than needing to be added to scheduling roles manually
- Upgrade Requests to mitigate CVE-2024-35195
- Upgrade werkzeug to mitigate CVE-2024-34069
- Upgrade jinja2 to mitigate CVE-2024-34064
- Upgrade Black to mitigate CVE-2024-21503
- Upgrade idna to mitigate CVE-2024-3651
- Upgrade cryptography to mitigate CVE-2024-26130, CVE-2023-50782, CVE-2024-0727, CVE-2023-49083
- Upgrade Jinja to mitigate CVE-2024-22195
- Upgrade Werkzeug to mitigate CVE-2023-46136
- Upgrade IP to mitigate CVE-2023-42282
- Remove ecdsa to mitigate CVE-2024-23342
- Upgrade @babel/traverse to mitigate CVE-2023-45133
- Upgrade urllib3 to mitigate CVE-2023-45803
- Upgrade cryptography to mitigate GHSA-v8gr-m533-ghj9 and GHSA-jm77-qphf-c4w8
- Upgrade urllib3 to mitigate CVE-2023-43804
- Upgrade certifi to mitigate CVE-2023-37920
- Add a default start and stop tag
- Use EC2 API more efficiently when filtering EC2 instances for scheduling
- Use system tzdata instead of pytz
- Upgrade Python runtime to 3.10
- Package CLI as sdist and wheel
- Refactoring, type hinting, and improved testing
- Add projen for managing project configuration
- Restore Python 3.8 support to CLI
- Fix bug starting EC2 instances at least 10 minutes before maintenance windows
- Fix bug targeting RDS instances that are part of an Aurora cluster for scheduling
- Fix bug where EC2 instances failing to start or stop cause an entire batch to fail to start or stop
- Fix bug where the instance type field on a period in a CloudFormation schedule has no effect
- Fix bug creating CloudWatch log streams when hub scheduling is disabled
- Upgrade cryptography to mitigate CVE-2023-38325 and CVE-2023-2650
- Upgrade aws-cdk-lib to mitigate CVE-2023-35165
- Upgrade fast-xml-parser to mitigate CVE-2023-34104
- Upgrade requests to mitigate CVE-2023-32681
- Upgrade word-wrap to mitigate CVE-2023-26115
- Upgrade semver to mitigate CVE-2022-25883
- Enable solution to support deployment using organization id.
- Lambda code is organized with tox.
- Development/e2e testing pipeline included under source/infrastructure/pipeline capable of automatically deploying and testing solution.
- App Registry integration
- Boto Retry module could cause unintended high lambda utilization in case of API failures.
- Cross account scheduling no longer requires IAM role name but only account id.
- Upgrade certifi to mitigate CVE-2022-23491.
- Updated issues in bandit scan.
- Updated the CDK to version 2.x
- Replaced the DescribeLogStreams API call used for getting the next sequence token with PutLogEvents API call to reduce the lambda execution time #307
- Enable solution to be deployed as multiple stacks in the same account/region
- Fix the SSM Maintenance window issue where solution was not fetching SSM Maintenance windows from other account/regions
- Updated logging utility to remove incorrect timestamp
- Fixed issue with scheduler stopping instances at UTC time even when configured with other timezones and Period having weekday configured as Wed#4. Github Issue
- Modified Anonymous Data reporting; refer to the implementation guide for details.
- Removed redundant logging of UTC timestamp along with the Account/Region default stamp in logs in AWS CloudWatch.
- Fixed Github Issue for scheduler-cli.
- Update the project to utilize aws cdk constructs for cloudformation template creation.
- Fix the issue to ensure throttling of CloudWatch APIs is avoided, from GitHub PR #177
- Fix the issue to start instances before the SSM maintenance window begins #101
- Updated the SSM feature to reduce lambda cost
- Added HIBERNATE to the list of valid schedule properties
- Fix the issue for new instances launched outside of the schedule period #127
- Fix the issue for retry failures due to incompatible code #133
- Fix the issue for instances being stopped after maintenance window begins #101
- Upgraded the Solution to Python 3.7